Asked by:

Posting a WSTrustClient token to Geneva Server

Question

An organization with two non-trusting but internal AD domains, each with a Geneva Server (GS) STSAn external RPPassiveFederation using browsers and forms-based auth

The customer has strict requirements about hiding the fact that there are two STS's "behind the scenes". In the default configuration for this scenario, the RP redirects to the "primary" GS. Normally this would cause ipselection.aspx.cs to be used where the user has to choose an STS. Customer hates this.

What I'm trying to do is bypass ipselection and go straight to formssignin.aspx. There I'll examine the credentials. If the credentials are for the primary domain all is well. If the credentials belong to the second domain (fronted by the secondary STS) I'll request a token using WSTrustClient. So far so good and this part seems to be working.

Now, what I need to do to finish the scenario is POST the acquired token back to the primary GS so that it completes the sequence and eventually returns the browser back to the RP. I have no idea how to do that and can't find a sample that seems to apply.